Security in multiple wireless local area networks

ABSTRACT

A wireless local area network is provided with simplified RF ports which are configured to provide lower level media access control functions. Higher level media access control functions are provided in a cell controller, which may service one or more RF ports that are capable of operating based on a pre-assigned security level. Mobile units can also be configured with the higher level media access control functions being performed in a host processor.

REFERENCE TO PRIOR APPLICATION

[0001] This application is a continuation-in-part of pending applicationSer. No. 091780,741, filed Feb. 9, 2001, which is a continuation-in-partof pending application Ser. No. 09/528,697, filed Mar. 17, 2000.

BACKGROUND OF INVENTION

[0002] This invention relates to wireless data communications networks,and in particular to arrangements for communications between mobile datahandling units and a central computer using wireless datacommunications.

[0003] The assignee of the present invention supplies a wireless datacommunications system known as the Spectrum 24 System, which follows theradio data communications protocol of IEEE Standard 802.11. In thesystem as implemented, mobile units are in data communication with acentral computer through access points. The access points maycommunicate with a central computer or computers over a wired network.Each of the mobile units associates itself with one of the accesspoints. The access points in this system are functional to perform allthe implemented requirements of the standard protocol, including,association and roaming functions, packet formulation and parsing,packet fragmentation and re-assembly encryption and system accesscontrol. In order to maintain order and reduce radio communications eachaccess point must determine which of the data communications receivedover the wired network from the central computer is destined for amobile unit associated with that particular access point. Thisrequirement adds significant computational capacity to the access point,increasing the cost thereof.

[0004] In addition, in applications that must support a high volume ofdata communications from multiple users, such as systems supporting aself-service shopping system, hospital systems, systems that includepaging or voice data links to many users, or systems supportingcommunicating with electronic shelf labels, additional access points arerequired to support the data communications traffic, increasing theoverall system cost.

[0005] The cost of an operational access point is dependent not only onthe complexity thereof and the requirement for high speed processing ofdata pockets for purposes of selecting those destined for mobile unitsassociated with an access point, but the additional cost of theinstallation of electrical power to the location of the access point,and the cost of a power supply to convert AC electrical power to DCpower for the circuits of the access point. Further cost may be involvedin physically mounting the access point hardware and antenna.

[0006] In prior systems each access point is connected on an Ethernetwired network to the central computer. The access points are required todetermine the identity of mobile units which have become associated withthem and to extract from the data packets on the Ethernet network thosepackets addressed to a mobile unit associated with the access point.This requirement has led to significant processing burden for the accesspoints and led to increased cost for the access points.

[0007] In the system described in my prior published InternationalPatent Application WO 099 37047, published Jul. 22, 1999, the centralcomputer communicates over an Ethernet wired network with an intelligentswitching hub. Alternately a token ring network can be used. Theswitching hub determines the destination of each packet and routespackets to an access point if the destination of the packet is a mobileunit associated with the access point. To achieve this function, the hubis an intelligent hub which maintains a routing list of mobile units andtheir associated access point according to the port of the hub.

[0008] In practice, the hub need only maintain a source list for thoseaccess points connected to the hub and mobile units associated with theaccess points connected to the hub. Thus, if a packet is received at ahub over the Ethernet with a destination address which is not associatedwith that hub, the packet is ignored. The hub will route the packet toan access point only if the destination address of the packet isidentified on the list. When a packet is received on a hub portassociated with a communications line connected to an access point, thesource address is associated with the hub port in the list. The packetis routed either to the Ethernet connection or to another port accordingto the destination address.

[0009] By determining destination address in the hub and maintaining theassociation of a mobile unit address with an access point connected to aport of the hub in a routing list of the hub, the functionality requiredof the access points is greatly reduced. The access point acts merely asa conduit sending RF transmissions of packets received on itscommunication line, and receiving transmissions from associated mobileunits and providing Ethernet packets to the hub. In addition, the accesspoint must provide mobile unit association functions and other 802.11protocol functions, as provided in the Spectrum 24 system, and may alsoprovide proxy polling responses for associated mobile units that are inpower saving mode.

[0010] The prior system may have a large number of access points, eachwith a memory containing program instructions for carrying out thevarious required functions. This distribution of processing makes itdifficult to upgrade a system or to provide changes in systemconfiguration because any upgrade or change may require changes to theprogram code in each of the access points. Such distribution ofprocessing functions also makes system management functions, such asload balancing or access control more difficult.

[0011] It is therefore an object of the present invention to provide animproved wireless data communications methods and systems having lowercost, to enable the economical provision of reliable wireless datacommunications with increased capacity in complex installations or atreasonable cost or simple installations.

SUMMARY OF THE INVENTION

[0012] In accordance with the invention there is provided a system forproviding wireless data communications between mobile units and a wirednetwork. The system includes a plurality of RF ports having at least onedata interface and arranged to receive formatted data signals at thedata interface and transmit corresponding RF data signals and arrangedto receive RF data signals and provide corresponding formatted datasignal. There is also provided at least one cell controller, arranged toreceive data signals from the wired network and to provide formatteddata signals corresponding thereto and to receive formatted data signalsand to provide data signals corresponding thereto to the wired network,the cell controller controls association of mobile units with one of theRF ports, provides formatted data signals for said mobile units to anassociated RF port and receives formatted data signals from the mobileunit from the associated RF port.

[0013] In accordance with the invention there is provided an improvementin a wireless data communications network coupled to a data processingsystem, having a plurality of RF ports and mobile units, wherein themobile units associate with one of the RF data communications ports toconduct data communications with said data processing system. The mobileunits are assigned to one of the RF ports by a cell controller, and thecell controller is arranged to receive first data communications fromthe data processing system and to relay the data communications to anassigned RF port and to receive second data communications from the RFports and relay the second data communications to the data processingsystem.

[0014] In accordance with the invention there is provided a method foroperating a wireless local area network having at least one RF port, aplurality of mobile units and a cell controller coupled to the RF port.The RF is operated port to relay signals received from mobile units tothe cell controller and to relay signals received from the cellcontroller to the mobile units. The cell controller is operated tocontrol association of the mobile units with the RF port, includingsending and receiving association signals between the RF port and thecell controller, and to send messages to and from the mobile unit viathe RF ports.

[0015] In accordance with the invention there is provided an improvementin a mobile unit for use in a wireless data communications system,wherein the unit has a data processor and programs for the dataprocessor and a wireless network adapter having a programmed processorand a radio module. The programmed processor performs firstcommunications processor functions including control of the radio moduleand the data processor operates under the programs to perform secondcommunications processor functions, including association with a radioaccess location of the wireless data communications system.

[0016] According to the invention there is provided an improvement in awireless data communications system for providing data communicationsfollowing a standardized protocol, wherein the protocol includesassociation of mobile units with radio access locations. At least one RFport is provided at a radio access location, which RF port comprises aradio module and an RF port processor in data communications with aprogrammed computer. The RF port processor performs first functions ofthe standardized protocol and the programmed computer performs secondfunctions of the standardized protocol, including the association ofmobile units with said radio access location.

[0017] According to the invention there is provided an RF port for usein a wireless data communications system comprising a radio modulehaving a data interface and a transmitter/receiver for wireless datacommunications; and a digital signal processor having first and seconddata communications ports, random access memory and read-only memory.The second data communications port is coupled to the data interface ofsaid radio module. The read-only memory is provided with a bootloaderprogram for controlling the digital signal processor to load programinstructions to the random access memory via the first communicationsport. According to the invention there is provided a method foroperating an RF port having a radio module, a digital processor, randomaccess memory and read-only memory. A bootloader program is stored inthe read-only memory. The digital processor is operated to downloadinstructions from a computer to the random access memory using thebootloader program and the RF port is operated under the downloadedinstructions to send and receive messages using the radio module.

[0018] According to the invention there is provided a method fortransmitting signals having a wireless signal format using an RF porthaving a wired network interface, a data processor and an RF module.Signals are provided to the wired network interface having wirelessaddress data and message data within a data packet addressed to the RFport using a protocol for the wired network. The processor is operatedto provide wireless data signals having the wireless signal format forthe address data and the message data to said RF module and operatingthe RF module is operated to transmit the wireless data signals as an RFsignal modulated with the wireless signal format.

[0019] According to the invention there is provided a method fortransmitting signals having a wireless signal format using an RF porthaving an Ethernet interface, a data processor and an RF module. AnEthernet data packet is provided to the Ethernet interface, the Ethernetdata packet encapsulating as data a data message having the wirelesssignal format. The data processor is operated to provide the datamessage to the RF module. The RF module is operated to transmit the datamessage as an RF signal.

[0020] According to the invention there is provided a method forreceiving signals having a wireless signal format including wirelessaddress data and message data at an RF port having a wired networkinterface, a data processor and an RF module. The RF module is operatedto receive RF signals having the wireless signal format. The dataprocessor is operated to receive wireless data signals from the RFmodule and provide data signals to the wired network interfacecomprising a data packet having a source address corresponding to the RFport using a protocol for the wired network, the data packet includingthe wireless address data and the message data.

[0021] According to the invention there is provided a method forreceiving RF message signals having a wireless signal format includingan address data format and message data using an RF port having anEthernet interface, a data processor and an RF module. The RF messagesignals are received in the RF module and provided as data signals tothe data processor. The data processor is operated to interpret addressdata in the data signals and, in dependence on the address data, saidmessage data and said address data is encapsulated in an Ethernetpacket, which is provided to the Ethernet interface.

[0022] In accordance with the invention there is provided a simplifiedwireless local area network system including a computer having a dataprocessor and a memory, an RF port having an RF port data processor, anRF module and a data communications interface coupled to the computer. Afirst program is provided in the memory of the computer for operatingthe computer data processor to perform first wireless datacommunications functions, including association with mobile units. Asecond program is provided for operating the RF port data processor toperform second wireless data communications functions.

[0023] According to the invention there is provided a wireless accessdevice for providing wireless access to a communication system. Thedevice includes a modem for sending and receiving data messages on thecommunications system and an RF port, having a data interface coupled tothe modem, a data processor and an RF module. The data is programmed toreceive data messages from the modem, to format the messages forwireless data communications and to provide the formatted messages tothe RF module for transmission by RF data signals to at least one remotestation, and to receive RF data signals from the at least one remotestation, and to provide data messages to the modem to be sent on thecommunications system.

[0024] According to the invention there is provided a method forproviding wireless access to the Internet. A modem having a datacommunications interface connected to an RF port is connected to theInternet. The RF port is configured for wireless data communication toat least one mobile unit having a predetermined wireless communicationsaddress. A mobile unit configured with the predetermined wirelesscommunications address is provided for conducting RF data communicationswith the RF port. The RF port is arranged to relay communicationsbetween the mobile unit and the modem.

[0025] The apparatus and methods of the present invention provide RFports as radio access locations which are less expensive than knownaccess points and provide greater system management and flexibility.Much of the software used for controlling communications to and frommobile units is performed in a controller wherein software upgrades andchanges are easily implemented. According to some embodiments, whereininstructions are downloaded to RF ports, it becomes easy to upgrade RFport instructions. System control is centralized, making managementeasier and enabling changes to access control and encryption functions.Priority for traffic purposes can also be established to facilitatedigital telephony by giving priority to voice traffic. Accordingly, asystem is provided that has significant flexibility using common RF porthardware to provide a wireless LAN having from one to hundreds of radioaccess locations.

[0026] According to the invention, the same RF port may provide multipleESS identifications such that each ESS identification is associated witha separate virtual wireless local area network having its own policiesand security.

[0027] For a better understanding of the present invention, togetherwith other and further embodiments thereof, reference is made to thefollowing description, taken in conjunction with the accompanyingdrawings, and its scope will be pointed out in the appended claims.

BRIEF DESCRIPTION OF THE DRAWINGS

[0028]FIG. 1 is a block diagram of a wireless communications system inaccordance with the present invention.

[0029]FIG. 2 is a block diagram illustrating one example of a mobileunit arranged to be used in the system of FIG. 1.

[0030]FIG. 3 is a block diagram illustrating one example of an RF portfor the system of FIG. 1.

[0031]FIG. 4 is a more detailed block diagram of a preferred embodimentof an RF port in accordance with the invention.

[0032]FIG. 5 is a block diagram of an arrangement of a computer and RFport for providing a simplified wireless local area network according tothe present invention.

[0033]FIG. 6 is a block diagram of an arrangement for providing wirelessaccess to the Internet using the RF port of the present invention.

[0034]FIG. 7 is a diagram showing signal format according to oneembodiment of the invention.

[0035]FIG. 8 is a diagram showing an compilation of RF ports havingmultiple ESS arrangements for providing overlapping, multiple wirelessnetworks.

DESCRIPTION OF THE INVENTION

[0036] Referring to FIG. 1, there is shown an example of a wireless datacommunications system 10 according to the present invention forproviding data communications between a central computer or a collectionof computers on a wired network 16 and a plurality of mobile units 20.While prior systems used access points at each radio access location,where the access points are capable of managing wireless communicationswith mobile units, the system of FIG. 1 uses simplified RF ports 18 ateach radio access location to provide radio packet communications withthe mobile units 20 using a wireless communications protocol, such asEEEE Standard 802.11, whereby the radio modules in the mobile units 20monitor polling signals from the RF ports 18, which are originated bythe cell controllers 14 and associate with an RF port 18 for purposes ofdata communications. The system arrangement of FIG. 1 is especiallyeffective in a large wireless local area network (LAN) system wherein itmay be necessary to provide a large number of radio access locations.Typically such systems, operating at low power microwave frequencies,require radio access locations at about every 100 feet. Where thewireless LAN system must operate with mobile units, for example,portable computers or similar devices, located throughout a largefacility, such as a business, hospital complex or university campus,many such radio access locations may be required, possibly severalhundred. Accordingly there is an incentive to reduce the cost of theinstallation at each radio access location. According to the presentinvention the system configuration and operation are redesigned toreduce the cost of each individual radio access point. In addition, thesystem of the present invention provides a concentration of operationalcontrol in one or more central controllers 14, making management of thesystem easier and making modifications and upgrades easier to install.

[0037] According to the invention, much of the functionality of the802.11 protocol associated with the conventional access point, isremoved from the device located at the radio access location andprovided in a cell controller 14, which may be located in conjunctionwith a switching hub 12, connected to the wired network 16, with whichthe wireless network 10 is associated. In particular the usual “accesspoint” device is replaced with a simpler device 18, herein referred toas an “RF port” which contains the RF module, which may be the same RFmodule used in the prior art access point, and simplified digitalcircuits to perform only a limited portion of the 802.11 media accesscontrol (MAC) functions performed by the prior art access point. Inparticular the RF port 18 preferably performs only functions of theaccess point that require a lower level of processing resources in termsof processor capacity and software complexity (memory requirement), andwhich are time critical. Other functions that are more processorintensive and require more complex programming, and which are not timecritical, are relegated to one or more “cell controllers” 14, which mayperform these more complex functions for a plurality of RF ports 18.

[0038] In order to perform the higher level processing functions of theaccess point in the cell controller 14, according to the presentinvention, all messages directed to or from mobile units 20 associatedwith a particular RF port 18 are processed in a cell controller 14. Asystem may have one or more cell controllers, which may comprise, e.g.Pentium-type board level computers, each of which is arranged andprogrammed to handle data message traffic and mobile unit associationsfor a selected plurality of RF ports 18. A switching hub 12 may beinterposed to provide message switching among the wired networkconnected to communications line 16, RF ports 18 and cell controllers14. Each of the one or more cell controllers 14 acts as a virtual“access point” for traffic addressed to its associated RF ports 18 andto the mobile units 20 associated with those RF ports. When a message isaddressed to a mobile unit 20 is received on line 16, switching hub 12directs the message to the appropriate cell controller 14, whichreformats the message and relays the message to the appropriate RF port18, again through switching hub 12. When the message is received by anRF port 18, it is converted to a radio message and sent to the mobileunit 20 with a minimum of processing.

[0039] Likewise, when a message is received from a mobile unit 20 by anRF port 18, it is converted to a digital message packet and relayed tothe cell controller 14 associated with the RF port 18 through theswitching hub 12. The cell controller 14 parses the message for furtherrelay in the system.

[0040] An important feature of a preferred embodiment of the inventionis the fact that mobile unit association with the RF ports 18 is afunction handled by the cell controller 14. Accordingly, when a mobileunit 20 first becomes active, it sends an association request signal inresponse to a beacon signal sent by an RF port 18 (in response todirection by the cell controller). The association request signal isrelayed by the RF port 18 to the cell controller 14, which performs theprocessing required for association, including consideration of RF portloading. Cell controller 14 generates appropriate response signals to besent by the RF port 18 to the mobile unit 20. The cell controller 14 isin an appropriate position to evaluate the loading of the RF ports 18under its control, and may therefore easily perform load levelingfunctions, for example, by providing a message to RF port 18 acceptingor declining an association request. In addition, the cell controller 14may receive load messages from other cell controllers 14 in the system10 and thereby coordinate overall load management. As a mobile unit 20moves from a location serviced by one RF port 18 to a location servicedby a different RF port 18, the cell controller 14 receives informationfrom the mobile unit 20 indicative of its reception of beacon signalsfrom the various RF ports in the system and performs the necessaryfunctions to support roaming of mobile unit 20.

[0041] While in the system 10 of FIG. 1 the cell controllers 14 areshown as separate computers connected to switching hub 12, the term“cell controller” is intended to refer to the logical functionsperformed by these computers rather than the computers themselves. Aswill become apparent, the cell controller may be implemented in avariety of ways other than as shown in the exemplary system 10 of FIG.1.

[0042] Implementation of a simplified RF port is achieved by performing“higher level” functions of the 802.11 protocol Media Access Control(MAC) in the cell controller and performing “lower level” functions in asimplified RF port.

[0043] The lower level functions are those that are hardware intensiveand often time critical. The higher level functions are those that aresoftware intensive and not time critical. One possible division of theexemplary 802.11 MAC functions is as follows:

[0044] Lower Level Functions (preferably to be performed at RF port)

[0045] Cyclic Redundancy Check (CRC)

[0046] Network Activity Vector (NAV)

[0047] Ready to Send/Clear to Send (RTS/CTS)

[0048] Header generation/parsing

[0049] Collision Avoidance

[0050] Frequency Hopping

[0051] Ack parsing/generating

[0052] Retransmission timeout

[0053] Higher Level Functions (preferably to be performed at CellController)

[0054] Association processing

[0055] Roaming

[0056] Retransmission

[0057] Rate Control

[0058] Host Interface

[0059] The following optional (higher or lower) level MAC functions canbe placed in either the higher or lower level categories.

[0060] Wired Equivalent Privacy encryption/decryption (WEP)

[0061] Fragmentation/Reassembly

[0062] Data Movement

[0063] Power Save Polling Support (PSP)

[0064] According to a preferred arrangement of the system of theinvention, the lower level MAC functions are provided at the RF port,the higher level MAC functions are provided in the cell controller andthe optional level functions can be provided at either the cellcontroller or the RF port.

[0065] A major advantage of the invention is a cost savings in hardware,processor capacity and storage capacity for the RF port. Since a systemwith, for example, one hundred or more radio access locations may beimplemented with one or two cell controllers, the processor hardware andmemory required for the higher level MAC functions need be provided onlyat the cell controllers. In fact, the capabilities of the overallsystem, for WEP encryption and other special functions, can be increasedat modest cost by using a high performance board level personal computeror even a host computer as a cell controller.

[0066] By eliminating the higher level MAC functions from the radioaccess locations, the cost of the devices installed at those locationscan be significantly reduced because of lower processor capacity andstorage.

[0067] In connection with association and roaming functions the RF ports18 provide beacon signals in response to commands generated by the cellcontroller 14. When an association sequence is initiated by a mobileunit, the RF port 18 relays the association messages between the mobileunit 20 and the cell controller 14 during the association process, whichis handled by the cell controller 14.

[0068] In connection with message traffic to a mobile unit 20 from anetwork processor, message packets are routed by switching hub 12 to thecell controller 14 responsible for the mobile unit 20 addressed. Themessage is buffered and formatted by the cell controller 14 and in apreferred arrangement encapsulated by the cell controller 14 as a mobileunit packet within a wired network packet addressed to the responsibleRF port 18. This packet is routed to the RF port 18. The RF port 18extracts the mobile unit packet from the message and sends the packet tomobile unit 20 as a radio signal. The RF port 14 may also provide a CRCcalculation and generate CRC data to be added to the message. The mobileunit 20 responds with an acknowledgment signal to the RF port 18, whichgenerates and sends an acknowledgment status message to cell controller14.

[0069] In connection with messages for systems connected to the wirednetwork 16, the mobile unit 20 sends a packet to the RF port 18 by radiosignal. The RF port 18 filters received radio message packets accordingto the BSS (Basic Service Set) identifier in the packet and, if thepacket has a BSS identifier associated with the RF port 18, performs theCRC check as the packet is received. The RF port 14 then generates andsends an acknowledgment signal to the mobile unit 20 and sends thereceived packet to cell controller 14. Cell controller 14 buffers,parses and, if necessary, decrypts the packet and routes the packet tothe host on network 16 through hub 12.

[0070] The arrangement of RF port 18 maybe identical to current accesspoints used in the Spectrum 24 system with some of the access pointsoftware non-functional. Preferably the RF ports are simplified toreduce cost and power consumption. To reduce installation expenses theRF ports are powered via an Ethernet cable, which also connects RF ports18 to switching hub 12 or to cell controller 14. The RF ports can bearranged in a small package (e.g. portable radio size) with integrateddiversity antennas and arranged for easy mounting, such as by adhesivetape or Velcro. Connection to the switching hub 12 is by Ethernet cablewhich is also provided with D.C. power, such as by use of a chokecircuit, such as Pulse Model PO421 as described in my referencedInternational Application. The choke circuit may be built into anEthernet connector and is available in this configuration.

[0071] The RF port 18 does not have to perform Ethernet addressfiltering and does not have to perform 802.11 association and roamingfunctions and can therefore have a lower level of processor capacity,software support, memory and power consumption. In one embodiment shownin FIG. 3 the RF port 18 includes only a digital signal processor (DSP)38 which includes internal RAM and ROM. The DSP 38, which may be one ofthe Texas Instruments TMS 320 family of DSP processor, such as the 5000series, specifically the TMS 320 UC 5402 or the TMS 320 VC 5402. ThisDSP provides an interface between the Ethernet cable 46 and the RFmodule 42 in RF port 18, as shown in FIG. 3. The RF module 42 isprovided in housing 36 with DSP 38, DC/DC power supply 40 and carryingone or more antennas 44. RF module 42 includes a 3860 or 3861 basebandprocessor, such as HFA 3860B, to interface with the digital portion ofthe RF port 18, specifically DPS 38. In one arrangement the ROM memoryof the DSP 38 can be provided with “bootloader” firmware that downloadsthe necessary DSP software instructions from the cell controller 14 uponstartup of the RF port 18, and loads the instruction into the RAM of theDSP 38.

[0072] The processors that are currently preferred as a possible lowerlevel MAC engine are the TMS320UC5402 and the TMS320VC5402. These partsare functionally identical except for differences in power consumption(the VC5402 is currently in production and while the UC5402 is stillbeing sampled). The basic configuration of the UC5402/VC5402 is:

[0073] 100 MIPS execution rate

[0074] 8 KB on chip ROM (organized as 4K×16 bits)

[0075] 32KB on chip RAM (organized as 16K×16 bits)

[0076] Two 16 bit timers with 1 μs or better resolution

[0077] Two High speed, full duplex serial ports (up to 50 Mbits/seceach) with smart DMA channel support

[0078] One High speed 8 bit wide host/parallel port (160 Mbit/sec)

[0079] Six DMA channels for general purpose use

[0080] 16 bit external memory/IO Bus with internal wait state generation

[0081] 16 interrupts with 3 instruction (30 ns) worst case latency

[0082] 0.54 mW/MHz power consumption (30 mA@1.8 v at 100 MHz)

[0083] Low Power Modes (6 mA, 2 mA, 2 μA depending on setting)

[0084] Internal PLL that generates the system clock with an externalcrystal

[0085] This section will describe the use of a 5402 DSP 38 as a MACengine for 11 Mbit/sec 802.11 DS systems. It could clearly be used in FHsystems as well. We will focus on the how the 5402 interfaces to theIntersil 3860/1 baseband processor in RF module 42 and how it implementsthe lower level MAC functions.

[0086] The first issue is how the 5402 DSP 38 interfaces to the 3861(much of what is said applies to the 3860 as well) and the rest of theRF module 42. As shown in FIG. 4, the 3861 processor 53 in RF module 52of RF port 50 has 2 major interfaces, both serial. The first interface,labeled DATA, is used to transfer data between the MAC engine comprisingDSP 64 and the 3861. It has four lines: TxD, TxC, RxD, and RxC andoperates at up to 11 Mbits/sec. The exact rate depends on the transferrate of the packet. The clock signals of both interfaces are generatedby the 3861 and so transfers are controlled by the 3861. Both can behalted at any time by the 3861 as well as change rate. The second serialinterface, labeled CONTROL is used to load commands into the 3861 andread status information from the 3861. This interface is a 4 wirebi-directional interface using one data line, one clock line, one“direction control” line, and a chip select line. This serial interfacealso can operate at up to 11 Mbits/sec. In addition to the serialinterfaces, there are additional control and status lines such as Reset,TX_PE, RX_PE, TX_RDY, etc.

[0087] The 5402 DSP 38 has two sets of full duplex serial interfacesthat are capable of operation up to 50 Mbits/sec (given a 100 MHzclock). They can be clocked using internal or external sources. In thisdesign one of the sets of serial interfaces, labeled SER1, is used toconnect to the high speed data lines of the 3861 interface 53. The 5402DSP 38 interfaces have the same basic lines (RxD, RxC, TxD, TxC) as doesthe 3861 and so they connect with minimal trouble. Although the 5402uses 1.8 v for its core, its I/O lines are 3.3 v tolerant and so caninterface to the 3861 without converters. In addition, they are fullystatic and so can deal the start/stop operation of the clock lines fromthe 3861.

[0088] Data transfer will be done under DMA control within the 5402using what TI calls “Auto Buffering Mode.” This provides essentiallydedicated DMA channels for each serial port interface (two DMA channelsper serial port interface). These channels access an independentlyoperating bank of SRAM and so transfers have no impact on CPUperformance. The CPU can start transfers in either direction and benotified via interrupt on their completion.

[0089] Interfacing to the control serial port on the 3861 interface 53can be done in three different ways. The first, illustrated in FIG. 4,utilizes the second serial port, labeled SER 2 on the 5402 DSP 64 with asmall amount of combinatorial logic/buffering to convert between thesingle data line of the 3861 and the dual data lines of the 5402.Another approach is to use an external shift register that would performserial/parallel conversion. This register would sit on the I/O bus ofthe 5402 and would be loaded/read by the 5402 and data shifted betweenit and the 3861. The third approach is to use an external buffer/latchon the 5402 I/O bus and “bit bang” the clock/data lines to the 3861. Thesecond or third approaches free up the second serial channel for moreother use such as providing high speed serial interfaces such asEthernet or USB and in some applications would be preferred over thefirst. All require a small amount of external combinatorial logic and sothe cost of all solutions is about the same.

[0090] The same logic would apply to interfacing to the synthesizer. Itis accessed even less often than the control port of the 3861 and so a“bit banging” approach would work fine.

[0091] Finally, interfacing to the various control and status linespresented by the 3861 can be done via simple bidirectionalregister/latch connected to the I/O bus of the 5402. The 5402 canread/write this register as it needs to control and monitor the 3861. Itwould be possible to combine all control/monitor functions (includingthe serial control interface) into a single 16 bit buffered registerlatch. Parallel control/status lines would be connected to particularlines of this latch. Serial control interfaces would also be connectedand “bit banged” as necessary to move data between the 5402 and 3861.

[0092] The arrangement shown in FIG. 4 uses a Crystal CS 8900 A Ethernetcontroller 63 coupled to the parallel port of DSP 64 to interface to theEthernet port 58. An Ethernet connector/choke 58 receives cable 60 andprovides DC power from cable 60 to DC/DC power supply 62. The FIG. 4 RFport 50 includes spaced diversity antennas 54, 56 to improve receptionin multipath conditions.

[0093] A premise of this design is that the TI DSP is capable ofimplementing all lower level MAC functions without external hardwareassistance. This, of course, is the most demanding model but we willfind that the 5402 is up to the task. The most computational demandingtasks are the CRC-32 and WEP processing. The CRC-32 calculation isperformed over the entire packet and must be completed in time togenerate an ACK should the CRC turn out to be correct (or to attach thecalculation result to an outgoing packet on transmission). This meansthat the CRC calculation must be performed in near real-time duringpacket transfer between the 3861 and 5402. TI has shown in anapplication note that a CRC-32 calculation can be made by a 5000 seriesDSP in 13 instructions. At 100 MIPS this is about 130 ns. At 11Mbit/sec, a byte takes about 770 ns to transfer and so we have plenty oftime to do the CRC. When receiving a packet, the serial port would betransferring the data from the 3861 to SRAM within the 5402. At the sametime the CPU within the 5402 would be reading each received byte fromSRAM and calculating the CRC. It would of course have to make sure thatit did not overrun the receive buffer, but that would be a relativelysimple task. Much the same process would happen during transmission. Ineither case, the CPU has lots of time to do the CRC.

[0094] The WEP processing if performed in the RF port 50, is a harderfunction to perform than CRC-32 since it includes both an RC4 encryptionfunction and a second CRC-32. At the same time it does not need to becompleted prior to ACK generation/reception nor is performed on everypacket (just data packets). The RC4 encryption function consists of twoparts: building the encryption table (a 256 byte table) using theselected key and doing the encryption/decryption process. Based onsample code, it is estimated that building the table would require about1200 instructions (12 ms at 100 MIPS) and the encryption/decryptionprocess would require about 12 instructions/byte. There is no differencein this cost for 40 or 128 bit keys. The WEP CRC-32 would requireanother 13 instructions per byte.

[0095] The per byte computational burden for WEP would thus be about 25instructions or about 250 ns at 100 MIPS. When added to the packetCRC-32, the total load would be around 38 instructions/byte. As wepointed out, at 11 Mbit/sec we have about 77 instructions/byteavailable, so we are spending about 50% of the CPU on CRC/WEP tasks. Thebiggest issue is the 1200 clocks (12 us) required to build theencryption table during receive (For transmission, the calculation canbe done prior to starting packet transfer). Pausing to create the tablewould put the CPU about 18 bytes (12 us at 770 ns/byte) behind in theCRC/WEP/CRC calculation process. It would require about 40 data bytes tocatch up (1200 clocks/30 extra clocks per byte) in both packet CRC andWEP/CRC functions. Since the minimum TCP/IP header is at least 40 bytes(plus any user data), we should have enough time. In any case if we area little late in WEP/CRC calculation, no harm is done. An alternativeapproach would be to catch up first for the packet CRC calculation andthen catch up with WEP/CRC.

[0096] After CRC and WEP/CRC processing, the next most critical activityis header parsing on receive and generation on transmit. This is becauseof the need to identify packets for the station and generate appropriateresponses. On receive, the processor must parse two or three 48 bitaddresses and at least a 16 bit header command field. After the packetcompletes, an ACK may need to be generated.

[0097] The 5402 can easily handle these functions. Since these functionsare performed prior to WEP processing, the CPU has 64 instructions/byte(77-13) to perform these functions. Since many of them can be performedon a 16 bit or even 32 bit basis (the 5402 supports both 16 and 32operations), there may be up to 128 or 256 instructions per data item(i.e. 256 instructions to perform a 32 bit address check). Thesefunctions are performed at 2 Mbit using a 1 MIPS 188 CPU. We have a 100MIPS CPU to do the same tasks at 11 Mbit/sec.

[0098] ACK generation is likewise relatively simple. An ACK frame isonly 14 bytes long, including the 4 CRC-32. Given there is a long (80us) preamble, we have 8000 instructions to prepare the ACK. The sameapplies to RTS/CTS exchanges.

[0099] There are two 16 bit timers available on the 5402. In this model,one would be used for TSF timing and the other for all other functions.There are really only a few other timer functions: NAV, Retransmission,collision avoidance slot countdown, etc. Retransmission and collisionavoidance activities go on only when waiting for an ACK or to start aretransmission after detection of an idle network. In such cases thereis no data transfer going on and so there is lots of CPU cyclesavailable.

[0100] Support for MU PSP function can be done in a variety of ways,depending on how much, if any, external hardware is provided. The 5402provides a variety of means of conserving power. The first is simply toslow down the CPU clock via the software controlled PLL within the unit.The 5402 generates internal clocks via a PLL that is driven by either anexternal crystal or clock. The PLL multiplies the base frequency of thecrystal/external clock by a factor determined by software. Hence onemeans of controlling power consumption is simply to slow down the CPUclock. Since the CPU portion of the processor consumes most of thepower, slowing it down has the biggest affect on power consumption.

[0101] The second approach is use one of the IDLE modes of theprocessor. IDLE1 stops the CPU clock entirely but leaves everything elserunning. Power consumption in this mode is on the order of 6 mA at 100MHz. The CPU can be restarted by any interrupt (internal or external).In IDLE2 the system clock is stopped and this reduces consumption to 2mA. In IDLE3, all system functions are stopped and consumption isreduced to around 2 ua. In all cases all state is retained. In IDLE2 andIDLE3, an external interrupt is required to restart the CPU. In suchcases an external, low power timer would be required.

[0102] Thus with no external hardware, power consumption could bereduced to at least 6 mA and perhaps less. With a simple external timer,one could get down to microamps.

[0103] The bottom line is that the vast CPU power of the 5402 allows alllower level MAC functions to be performed in software. Furthermore ithas sufficient power and memory to handle additional “higher level”functions such as packet retransmission, fragmentation, and reassemblythat can also be done in a cell controller.

[0104] The system 10 of the present invention is compatible with IEEEStandard 820.11 and accordingly will operate with any mobile units 20,including existing units, which are compatible with the same standard.However, the improvements applied to the RF ports 18, reducing thecomplexity and cost of these units can also be applied to the mobileunits 20, which have sufficient main processor capacity to handle themobile unit functions corresponding to the higher order MAC functions.

[0105] Referring to FIG. 2 there is shown a block diagram for a mobileunit 20 having a mobile unit computer 22 and a WLAN adapter 24 connectedthereto to provide wireless communications to the system 10 of FIG. 1.In the mobile unit 20 of FIG. 2, the lower level MAC functions areperformed in WLAN adapter 24, which also includes RF module 28 andantenna 29. The configuration of WLAN adapter 24 may be similar toexisting adaptors, but preferably adapter 24 is simplified to performonly the lower level MAC functions of the IEEE 802.11 protocol and allowspecial software 34 in host computer 22 to perform the higher level MACfunctions, such as association and roaming. In a preferred arrangementthe MAC functions of adapter 24 are performed in a digital signalprocessor 26, as described below, which may be the same type DSPdescribed with respect to RF port 50.

[0106] This section addresses how the 5402 DSP could be used as a MACengine in Mobile Unit configurations. There are two considerations inbuilding MU WLAN solutions. The first is the location of those MACfunctions, while the second is the physical interface to the host.

[0107] The location of the upper level MAC functions may varyconsiderably. Some possibilities are:

[0108] All functions on MAC engine DSP processor 26

[0109] All functions on host processor 22

[0110] Roaming/association on host processor 22, rest on MAC engine 26

[0111] Roaming/association/retransmission on host 22, rest on MAC engine26. The choice of the location of the higher level MAC functions has amajor impact on the cost of MU WLAN adapter. If one is willing to placeat least some of the higher level functions on a host processor 22, thenone could get by with just the 5402 on the WLAN adapter. Possiblefunctions to place on the host would be roaming and association control.Higher level functions such as retransmission andfragmentation/reassembly could be left on the 5402. This split wouldpermit significant savings, since another processor/memory subsystemwould not be needed on the WLAN adapter. There are two reasons for notplacing all of the MAC functions on the 5402. The first is memory spaceon the 5402 is only 32KB of SRAM for both code and data. In some MACimplementations such as frequency hop, the code space alone exceeds 32KB. The second reason is that the software on the 5402 is orientedtoward meeting hard, real-time tasks such as CRC and WEP processing.Trying to add software intensive tasks would only complicate theprocess.

[0112] If another processor was required, such as an ARM or perhaps asecond 5000 Series processor, the upper level functions could be addedto it.

[0113] Alternatively one could place all the MAC functions on a fasterand/or bigger version of the 5402 processor. Such a processor wouldlikely have a higher clock rate (current members of the 5000 Series canbe clocked as high as 160 MIPS) and more memory (say 64 KB instead of32KB).

[0114] Both the second processor as well as a faster/bigger 5402 wouldconsume additional power as well as adding cost.

[0115] This section will describe one approach of how a MU WLAN adaptercan be arranged for various hardware host interfaces using the 5402. Itassumes that enough of the upper level MAC functions have been offloadedto a host processor so that only the 5402 is required on the PLANadapter. A second processor could be added to any of the solutionsoutlined below.

[0116] In all of the following solutions, it is assumed that the runtimecode for the 5402 is loaded from an external source (such as computer22) via the host interface 32. This eliminates the need for flash memoryon the adapter card, saving several dollars in the process. It should bepointed out that the 5402 comes with 8KB of mask programmable ROM and abootloader program (required for the USB and Ethernet host interfaces)would be placed in it. The bootloader would be smart enough to downloadthe runtime code instructions over whatever serial interface wasavailable.

[0117] The simplest interface of all would be for a host to use the HostPort on the 5402. This port operates as a dual port interface into thememory within the 5402. It would not be a standard interface but wouldbe quite suitable for dedicated systems. Using it, computer 22 canread/write memory on a random or sequential basis. It is an 8 bitinterface and can operate as fast as 160 Mbit/sec. When operated inrandom access mode, the computer 22 generates a 16 bit address using twowrites to the port and then performs either a read or write operation.Such a mode allows a host to set up command blocks and the like withinthe memory of the 5402. Sequential mode allows a host to transfer datain and out of the 5402 memory very quickly (160 Mbit/sec). This would beused for transferring data.

[0118] If this approach was used, the only digital component on the WLANadapter would be the 5402.

[0119] In the system of FIG. 1, the cell controller 14 is a board levelpersonal computer coupled to the switching hub 12 preferably by 10 M bitand 100 Mb Ethernet ports. For smaller systems a 350 MHz Pentiumcomputer with 16 MB RAM may be used. For larger systems having many RFports a 500 MHz Pentium with 64MB RAM is appropriate. Communications toand from the wired network are preferably carried out at 100 MHz.Communications to and from RF ports may be carried out at 10 MHz. Asecond cell controller may be supplied for larger systems and/or toprovide backup in the event one cell controller fails. Reliability canbe enhanced by providing dual fans and dual power supplies. A flash diskmemory may be used for reliability. Alternately, the cell controller 14may be built into the switching hub 12 or into a host processor.

[0120] The operating system for the cell controller 14 may be a realtime operating system, such as VRTX or QNX, which provides multitasking,a full network stack and utilities. Web based management utilities,which are client side java based, are provided for maintaining theconfiguration of the cell controller 14, the RF ports 18 and status ofthe mobile units 20.

[0121] The cell controller 14 includes applications to provide mobileunit association management, roaming and packet buffer management. Theseapplications are similar to those performed by current access points inthe Spectrum 24 system. The cell controller 14 may also provide QoSsupport, user authorization and configuration management. Placing thesefunctions on a personal computer cell controller facilitates systemmanagement and program updates using available programming tools.Further, modifications to authorization or management functions needonly be installed into the cell controller 14, and no modification tothe software of the RF ports 18 is required.

[0122] The cell controllers 14 handle routing of all messages to or fromthe mobile unit. The cell controller buffers message packets receivedfrom the wired network and determines the appropriate RF port 18 withwhich the addressed mobile unit 20 is associated and sends the packet tothe RF port 18. The cell controller 14 can additionally perform WEPencryption/decryption and the CAC associated therewith.

[0123] The cell controller 14 may also the additional function ofmaintaining and downloading firmware to the RF ports 18. Upon power upthe RF ports 18 use a bootloader routine stored in ROM to send adownload request to cell controller 14. The cell controller thendownloads firmware to the RF port 18, including configurationinformation such as channel assignment, ESS and BSS identification. Thecell controller 14 and RF ports 18 additionally share a common TSFclock.

[0124] The mobile unit computer 22 of mobile unit 20 is provided withsimilar software to perform the higher level MAC functions as outlinedabove. Advantageously, the software 34 can be programmed using the sameoperating system as provided for the computer, and thereby provide auser interface, such as Windows, which is familiar to the user. Themobile unit software 34 provides the MAC functions of header building,roaming and association. The mobile unit computer 22 may also downloadfirmware to the processor in the WLAN adapter 24.

[0125] As evident from the forgoing description, the hardware for RFport 18 and WLAN adapter 24 of mobile unit 20 can be substantiallysimilar, with the possible exception of the interface to an Ethernetnetwork or to a mobile unit host. Further, the logical cell controllerfunction and the higher order MAC functions performed by the mobile unithost processor can be performed on any computer system.

[0126] Using the RF port 18 of the present invention coupled to acomputer system, it is possible to provide either a mobile unit or awireless network according to the software provided. Since the softwarefor RF port 18 may be downloaded from a host system a simple combinationof a computer and one or more RF ports can function as either a WLANmobile unit as a WLAN host or both, by providing function selectablefirmware to the processor in the RF port.

[0127] In the arrangement shown in FIG. 5, a personal computer 70 isprovided with software 72 and connected to one or more RF ports 50A, 50Bto provide a complete host system for wireless data communications. Thisarrangement could be used, for example, in a small business whereinoffice equipment is connected to server 70 by a wired network forconventional LAN operation and one or more RF ports 50 are alsoconnected to server 70 on the LAN system to provide data communicationsbetween the server 70 and mobile units. The server can perform thehigher order MAC functions and download firmware instructions to the RFports. Alternatively, the firmware instructions can be installed on PROMmemory in the RF ports.

[0128]FIG. 6 shows an arrangement for providing wireless access to theInternet using the RF port 50 of the present invention. Internet accessover communications line 80 to modem 82 may be provided by cable, DSL orfiber optical transmission. RF port 50 may be provided with MAC firmwareon PROM or may be configured with a bootloader program to downloadfirmware from an ISP server. When installed in a home or office, mobileunits 20 can associate with RF port 50 to initiate Internet access. TheISP server may perform the higher level MAC function, or they may beprovided in RF port 50.

[0129] The mobile units 20 may be the personal computers 22 in a home oroffice with a WLAN adapter 24 as shown in FIG. 2.

[0130]FIG. 7 illustrates an example of communications formats that mightbe used in the various system embodiments of the present invention. TheFIG. 7 example assumes that the configuration includes a host 90connected to a dedicated cell controller 14, which is likewise connectedto RF port 18. It should be clearly understood that the logical cellcontroller functions may be performed in host 90, particularly in asimple system.

[0131] In the FIG. 7 example host 90 sends message “A” having 100 databytes via an Ethernet packet 100 to cell controller 14. Packet 100 has adestination address of the Mobile unit (M1), a source address of thehost (H) and includes data (A). Cell controller 14 formats the data in802.11 format with the destination corresponding to mobile unit (MU1)20. The cell encapsulates this 802.11 packet with data A into anEthernet packet 104 addressed to RF port 1 (RF1) from the cellcontroller (cell controller).

[0132] RF port 18 receives the Ethernet packet 104 from cell controller14 and generates and sends an RF packet 112 in 802.11 format to mobileunit 20, including data A. It should be understood that 802.11 headergeneration can be provided at either the cell controller 14 or the RFport 18, but packet 104 must include mobile unit identification dataeither as an 802.11 header or otherwise to enable RF port 18 to generatethe header. RF port 18 additionally performs the CRC computation andadds the result to the 802.11 packet 112.

[0133] A second message “B” having 1500 bytes of data is also shown asoriginating as Ethernet packet 102 from host 90 to cell controller 14.Cell controller fragments data message B into three fragments B1, B2 andB3 to accommodate the 500 byte data limit of 802.11 packets. These threefragments are sent as Ethernet packets 106, 108, 110 to RF port 18,which transmits RF signal packets 114, 116, 118 to mobile unit 20.

[0134] Reverse communication is similar. Message C has 100 bytes and issent by mobile unit 20 to RF port 18 as 802.11 RF signal packet 200. RFport 18 encapsulates this message into Ethernet packet 208 and sends itto cell controller 14, which extracts the destination information anddata to provide Ethernet message 216 to the host 90. A larger message Dis sent as message fragments 202, 204, 206 to RF ports 18, relayed asEthernet packets 210, 212, 214 to cell controller 14 and sent as areassembled Ethernet packet 218 to host 90.

[0135] Referring now to FIG. 8, shown is an application of the centralcontroller/RF port model that may be used to set multiple overlappingESS LANs for use in the same or overlapping physical space. Shown inFIG. 8 is a central controller 260 which is associated with two RFports, RF port 1 250 and RF port 2 270. The central controller 260 maybe associated with more than two RF ports, but two are shown forillustration purposes. Each RF port 250, 270 provides coverage for awireless LAN in the physical areas 240, 310.

[0136]FIG. 8 further illustrates the concept of providing multiple ESSidentifications through the same RF port and cell controller such thateach ESS identification is associated with a separate virtual wirelesslocal area network having its own policies and security. Thus, RF port 1250 may be configured so as to support separate BSS networks 1A 230, 1B220 and 1C 210, all of which occupy the same physical space 240. The RFport may support more than three BSS networks, but three are shown forillustration purposes. Similarly, RF port 2 270 may be configured so asto support BSS networks 2A 300, 2B 290 and 2C 280, all of which occupythe same physical space 310. Using the configuration as shown in FIG. 8,multiple ESS LANs may be coordinated by the central controller 260 inthe physical space 240 and 310. ESS A consists of BSS 1A 230 and BSS 2A300. ESS B consists of BSS 1B 220 and 2B 290. BSS C consists of BSS 1C210 and 2C 280.

[0137] As discussed in further detail above the RF ports 250, 270preferably performs only functions of the access point that require alower level of processing resources in terms of processor capacity andsoftware complexity (memory requirement), and which are time critical.Other functions that are more processor intensive and require movecomplex programming, and which are not time critical, are relegated toone or more cell controllers 260, which may perform these more complexfunctions for a plurality of RF ports 250, 270. In the case illustratedin FIG. 8, the central controller handles the necessary processing ofmultiple ESS LANs A, B, C in the same physical space 240 and 310.

[0138] One application of multiple ESS LANs may be found on a publicplace, such as an airport where, for example, three levels of wirelessnetworks may operate. A first public network level with generally openaccess to a wireless local area network that might provide, for example,public wireless telephone or internet access. A second network levelwould involve airport operations, such as luggage handling, aircraftservicing, etc. A third network level may be reserved for emergenciesand security. Devices using the network can be restricted by the cellcontroller as to which virtual network they can access using the same RFport of the wireless network system. The cell controller would therebycontrol communications between mobile units accessing an RF port and thethree or more virtual networks such that, for example, a member of thepublic using a publicly available device could only access the publicfunctions of the system and therefore only have access to the lowestlevel of virtual wireless network. Other personnel, such as airportemployees, may have access to the public level and also have access tothe airport operational network. The security-based network would beavailable for select airport personnel such as management and securityofficers.

[0139] The cell controller performs the function of determining whichESS network a mobile unit communicating with an RF port associated withthe cell controller is operating on, and thereby controls the directionof communication from the cell controller to the network. The cellcontroller can verify the multiple levels of security provided inconnection with the access by the mobile unit devices, and in additioncan prioritize communications so that higher priority communicationssuch as security communications are given greater access to the systemduring higher traffic conditions. For example, in the three-tierembodiment discussed above, the security network could have a feature todisallow all other network access in an emergency situation.

[0140] A similar multi-virtual LAN network may be also useful in ahealth care facility wherein different networks are used for security,medical care, personal and public information.

[0141] The architecture described herein offers advantages in severaldiscrete areas of wireless network management.

[0142] Bandwidth Management

[0143] An aspect of functionality that can be realized in connectionwith the configuration described herein is to modify the bandwidth ofcommunications in accordance with the type of device with which thecommunication is associated. For example, where a data set comprises animage, for example retrieved from the Internet, the resolution of theimage can be modified in the cell controller to accommodate theresolution capacity of a portable device. Therefore, rather than providea highly detailed image of the type that can be displayed on a personalcomputer, an image-bearing message can be reduced in resolution in thecell controller to a lower resolution, compatible with a portabledevice, such as a personal digital assistant. By therefore reducing theresolution of the image being sent, the bandwidth and data capacitynecessary to send the image can be significantly reduced.

[0144] Another functionality available with the configuration describedherein is to control the individual RF ports according to the trafficexperienced by the system. For example, the cell controller can assignedan RF port experiencing a high volume of communication to a differentchannel, such as a reserve channel on which no other RF ports areoperating. This will minimize interference in communications conductedwith a particular RF port that is experiencing high volume. In thismanner the RF port may be the only RF port operating on the particular,reserve channel. The cell controller has real time information availableto it in order to make the changes in the RF port configuration toaccommodate changing load conditions.

[0145] A wireless system may also contain RF ports sending and receivingoverlapping 2.4 GHz, Bluetooth, and 5 GHz signals. These signals willhave differing frequencies, power levels, and data rates. Because thecell controller will monitor all features of the frequencies generatedby the RF ports and will know the locations of the RF ports, the cellcontroller will have the ability to optimize the frequency, power leveland data rates in the physical space for the best possible performance.

[0146] The cell controller provides a central location for interfacingthe WLAN with WAN features that may be accessed by users. For example,the cell controller can coordinate the processing necessary to enablevoice over IP (VoIP), i.e. compression or user allocations. Compressionis particularly enhanced using a cell controller because the cellcontroller can maintain the necessary historical dictionaries needed forefficient compression algorithms in one location that applies to all RFports. The cell controller can also proxy to access a SIM database forWAN users in advance of actually needing this data to performoperations.

[0147] The cell controller allows additional functionality to the WLANat all levels while maintaining the compatibility in the MAC levelnecessary for IEEE 802.11 systems. One such example would networkmanagement features that are not present in the 802.11 protocol butwould be useful to operate at the cell controller/RF port level. Anembodiment of this is to monitor the software versions present in theMUs in a WLAN and send out updated versions when each MU “checks in”with the cell controller. Ultimately this allows the costs of APs/RFports to remain relatively inexpensive.

[0148] Other aspects of routing traffic through the cell controller isthe ability to detect interference and noise and the ability to controlthe transmit power of particular RF ports. For example, the cellcontroller can command the RF port to provide the signal level they arereceiving when there is no communication (background noise orinterference) to the cell controller. This can be used to provide ananalysis of the system operation or to provide the detection ofbackground interference and its location.

[0149] Security

[0150] Another available function of this architecture is control ofassociation, since all association is handled in a cell controller.Accordingly, where a “public access only” device attempts to associatewith the system in a secure area such as, for example, an airportcontrol tower, where a member of the public should not be, the fact ofthis association attempt can be noted in the cell controller andautomatically give notice to security personnel. The cell controller canadditionally deny or permit access to a mobile unit attempting toassociate with an RF port according to traffic at the RF port asobserved at the cell controller. The cell controller thereby has ameasure of control over roaming and can command a mobile unit as towhich RF port to become associated with. Indeed, under many WLANarchitectures, APs do not coordinate with each other to determine ifthey are being probed in such a way that an attempt to break securitymay be occurring. In contrast, a cell controller can monitor all suchprobing to determine if an attack may be taking place. Logs of suchprobing may be kept. In addition, authentication protocols may becentralized in the cell controller instead of on a central server,creating greater efficiency.

[0151] Another important aspect of control of association and roaming inthe cell controller is the fact that the cell controller can perform a“soft-roaming” function. Soft-roaming takes place when the cellcontroller changes ownership of the BSS identification between RF units.In essence the cell controller has the ability to tell a mobile unitwhich RF port it will communicate through. In connection with doing soit is possible for one RF port to monitor traffic to another RF port andthereby advise the cell controller that it has the capability ofreceiving signals from that particular mobile unit. The cell controllerhas the ability to control the access of the mobile units to RF portsaccording to traffic as observed in the cell controller. One aspect ofthe system is that the intelligence in the cell controller interactswith the intelligence in the mobile unit to control association. The RFport has no part in this and accordingly there is a greater ability tocentrally managed the flow of traffic through the RF port. Anotheraspect is to provide an arrangement in the cell controller wherein onlyone RF port can perform secure data communication. When a mobile unitdesires a secure link, the cell controller can switch the mobile unit toa particular RF port for secure communications. In essence the unit iscapable of providing a virtual RF port. The switching of the BSSidentification between RF ports takes place in the cell controller andthe mobile unit has no idea that it has been given the bait and switch.Another aspect of the centralized management is security, in that if amobile unit which does not have access authorization attempts a numberof times to gain access to the system, the security program in the cellcontroller can provide an alert and in essence lock out further attemptsby that mobile unit.

[0152] Location tracking

[0153] In the architecture described herein, because RF ports arecheaper than typical APs, there may be more RF ports in a given areathan APs. This proliferation of RF ports will allow location tracking totake place. Moreover, one RF port has the ability to “snoop” and listenin to the traffic between another RF port and a mobile unit. The cellcontroller can take all this data in and use time stamping based on thearrival of data. Such information can be passed through the Ethernet toa processor that can determine location.

[0154] Diagnostic capability

[0155] An important capability which the cell controller can alsoimplement is the diagnostic capability. As an initial calibration when asystem is first brought into operation the cell controller can cause theRF ports to go through a sequence in which the RF ports communicate toeach other. In this way the signal level of each RF port, as observed atone or more other RF ports, can be monitored and the radio location ofthe RF ports can be mapped, for example, to create alternative RF portsto which traffic can be switched in the event of excess traffic on anyparticular RF port. Accordingly using RF signals the cell controller candynamically discover the RF locations and signal characteristics betweenRF ports. Each RF port in this case would provide the cell controllerwith an indication of the strength of the signals received. The cellcontroller can also record the background noise level. Following theinitial calibration of the system the cell controller can undertakeperiodic diagnostics, wherein signals are sent from one RF port toanother and the signal level is relayed to the cell controller todetermine whether if the transmitters and receivers are operatingproperly. In this respect, the signals received can be compared to thebase line signal levels which have been recorded at the cell controlleras a calibration level. Changes in background noise can also bedetermined and this can be used to detect a problem with a receiver inthe system.

[0156] While there has been described what is believed to be claimed inthe above-identified application those skilled in the art will recognizethat other and further modifications may be made without departing fromthe scope of the invention and it is intended to claim all such changesand modifications as fall within the true scope of the invention.

I claim:
 1. A system for providing wireless data communications betweenmobile units and a wired network, comprising: a plurality of RF portshaving at least one data interface and a security status, said RF portsbeing arranged to receive formatted data signals at said data interfaceand transmit corresponding RF data signals and arranged to receive RFdata signals and provide corresponding formatted data signals; and atleast one cell controller, arranged to receive data signals from saidwired network and to provide formatted data signals correspondingthereto to said data interface of said RF ports and to receive formatteddata signals from said RF ports and to provide data signalscorresponding thereto to said wired network, said cell controllercontrolling association of mobile units with one of said RF ports basedon the security status of the one of said RF ports, providing formatteddata signals for said mobile units to an associated RF port, andreceiving formatted data signals from said mobile unit from saidassociated RF port.
 2. A method for operating a wireless local areanetwork having at least one RF port, a plurality of mobile units and acell controller coupled to said RF port, comprising: operating said RFport with a security status to relay signals received from mobile unitsbased on the security status of said RF port to said cell controller andto relay signals received from said cell controller to said mobileunits, and operating said cell controller to control association of saidmobile units with said RF port, including sending and receivingassociation signals between said RF port and said cell controller, andoperating said cell controller to send messages to and from said mobileunit via said RF ports.
 3. A method for operating a wireless local areanetwork as specified in claim 2, wherein signals are sent between saidRF port and said cell controller using a first data protocol, andwherein signals are sent between said RF ports and said mobile unitsusing a second data protocol, and wherein said signals between said RFport and said cell controllers comprise data packets using said firstdata protocol encapsulating data packets using said second dataprotocol.
 4. A method for operating a wireless local area network asspecified in claim 3 wherein said first protocol is an Ethernetprotocol.
 5. A method for operating a wireless local area network asspecified in claim 4 wherein said second protocol is an IEEE Standard802.11 protocol.
 6. In a wireless data communications system forproviding data communications following a standardized protocol, saidprotocol including association of mobile units with radio accesslocations, the improvement wherein there is provided at least one RFport at a radio access location, said RF port comprising a radio moduleand an RF port processor in data communications with a programmedcomputer and having a security status, wherein said RF port processorperforms first functions of said standardized protocol and saidprogrammed computer performs second functions of said standardizedprotocol, including said association of mobile units with said radioaccess location.
 7. The improvement specified in claim 6, wherein saidRF port further includes a read-only memory and a random access memory,and wherein said read-only memory includes a bootloader program, whereinsaid RF port processor is arranged to operate under said bootloaderprogram to download instructions form said programmed computer and tostore said instructions in said random access memory, and wherein saidRF port processor operates under control of said downloaded instructionsto perform said first functions.
 8. The improvement specified in claim6, wherein said standardized protocol includes cyclic redundancy checkfunctions, and wherein said first functions include said cyclicredundancy check functions.
 9. The improvement specified in claim 6,wherein said standardized protocol includes encryption/decryptionfunctions and wherein said first functions include saidencryption/decryption functions.
 10. The improvement specified in claim6, wherein said standardized protocol includes encryption/decryptionfunctions and wherein said second functions include saidencryption/decryption functions.
 11. An RF port for use in a wirelessdata communications system comprising a radio module, having a datainterface, a security status, and a transmitter/receiver for wirelessdata communications, and a digital signal processor, having first andsecond data communications ports, random access memory and read-onlymemory, wherein said second data communications port is coupled to saiddata interface of said radio module, wherein said read-only memory isprovided with a bootloader program for controlling said digital signalprocessor to load program instructions to said random access memory viasaid first communications port.
 12. An RF port as specified in claim 11,wherein said digital processor has a third data communications port andwherein said third data communications ports is coupled to said datainterface of said radio module.
 13. An RF port as specified in claim 12,wherein said second and third communications ports of said digitalprocessor comprise serial ports.
 14. An RF port as specified in claim11, wherein said first communications port comprises a parallel port.15. An RF port as specified in claim 14 wherein said parallel port iscoupled to an Ethernet controller.
 16. A method for operating an RF porthaving a radio module, a security status, a digital processor, randomaccess memory and read-only memory, comprising storing a bootloaderprogram in said read-only memory, operating said digital processor todownload instructions from a computer to said random access memory usingsaid bootloader program and based on said security status operating saidRF port under said downloaded instructions to send and receive messagesusing said radio module.
 17. A method as specified in claim 16, whereinsaid step of operating said RF port comprises receiving messages fromsaid computer including protocol message portions for RF messagetransmission, and transmitting said message including said protocolmessage portions as an RF signal.
 18. A method as specified in claim 16,wherein said step of operating said RF port comprises receiving RFmessages having an RF protocol and sending said RF messages to saidcomputer as data signals encapsulated in a further message protocol. 19.A method as specified in claim 18 further comprising interpreting saidRF protocol using said downloaded instructions and sending said RFmessages to said computer only if said RF messages include anidentification of said RF port.
 20. A method as specified in claim 16wherein said downloaded instructions configure said computer and said RFport to operate as an access point for communication with mobile units.21. A method as specified in claim 20 wherein said computer is operatedto control association of said mobile units with said computer and RFport.
 22. A method as specified in claim 16 wherein said downloadedinstructions configure said computer and said RF port to operate as amobile unit for communications with access points.
 23. A method asspecified in claim 19 wherein said downloaded instructions configuresaid computer and said RF port to operate as either an access point or amobile unit under control instructions form said computer.
 24. A methodfor transmitting signals having a wireless signal format using an RFport having a wired network interface, a data processor, a securitystatus and an RF module, comprising providing signals to said wirednetwork interface having wireless address data and message data within adata packet addressed to said RF port using a protocol for said wirednetwork, operating said processor to provide wireless data signalshaving said wireless signal format for said address data and saidmessage data to said RF module and operating said RF module to transmitsaid wireless data signals as an RF signal modulated with said wirelesssignal format.
 25. A method for transmitting signals having a wirelesssignals format using an RF port having an Ethernet interface, a securitystatus, data processor and an RF module, comprising providing anEthernet data packet to said Ethernet interface, said Ethernet datapacket encapsulating as data a data message having said wireless signalformat, operating said data processor to provide said data message tosaid RF module, and operating said RF module to transmit said datamessage as an RF signal.
 26. A method as specified in claim 25 furthercomprising operating said data processor to perform a cyclic redundancycomputation on said data message and adding the result thereof to saiddata message.
 27. A method as specified in claim 25 further comprisingoperating said data processor to control said radio module.
 28. A methodfor receiving signals having a wireless signal format including wirelessaddress data and message data at an RF port having a security status,wired network interface, a data processor and an RF module, comprisingoperating said RF module to receive RF signals having said wirelesssignal format, operating said data processor to receive wireless datasignals from said RF module and provide data signals to said wirednetwork interface comprising a data packet having a source addresscorresponding to said RF port using a protocol for said wired network,said data packet including said wireless address data and said messagedata.
 29. A method for receiving RF message signals having a wirelesssignal format including an address data format and message data using anRF port having an Ethernet interface, a security status, a dataprocessor and an RF module, comprising receiving said RF message signalsin said RF module and providing said signals as data signals to saiddata processor, operating said data processor to interpret address datain said data signals and, in dependence on said address dataencapsulating said message data and address data in an Ethernet packetand providing said Ethernet packet to said Ethernet interface.
 30. Amethod as specified in claim 29 wherein said data processor is operatedto encapsulated said address data in said Ethernet packet.
 31. A methodas specified in claim 29 wherein said data processor is further operatedto perform a cyclic redundancy computation on said message data and tocompare the result thereof with corresponding data received in said datasignals.
 32. A method as specified in claim 29, further comprisingoperating said data processor to control said radio module.
 33. Asimplified wireless local area network system comprising: a computerhaving a data processor and a memory; an RF port having an RF port dataprocessor, an RF module, a security status and a data communicationsinterface coupled to said computer; a first program in said memory ofsaid computer for operating said computer data processor to performfirst wireless data communications functions, said functions includingassociation with mobile units; and a second program for operating saidRF port data processor to perform second wireless data communicationsfunctions.
 34. A system as specified in claim 33 wherein said secondprogram operates said RF port data processor to perform second wirelessdata communications functions, including control of said RF module. 35.A system as specified in claim 33 wherein said second program operatessaid RF port data processor to perform second wireless datacommunications functions, including cyclic redundancy check functions.36. A system as specified in claim 33 wherein said second program isstored in said computer memory and wherein said RF port data processoris arranged to download said second program.
 37. A wireless accessdevice for providing wireless access to a communication system,comprising a modem for sending and receiving data messages on saidcommunications system and an RF port, comprising a data interfacecoupled to said modem, a data processor, a security status, and an RFmodule, said processor being programmed to receive data messages fromsaid modem, to format said messages for wireless data communications andto provide said formatted messages to said RF module for transmission byRF data signals to at least one remote station, and to receive RF datasignals from said at least one remote station, and to provide datamessages to said modem to be sent on said communications system.
 38. Awireless access device as specified in claim 37 wherein saidcommunications system is a DSL communications system connected to theInternet, and wherein said modem comprises a DSL modem.
 39. A wirelessaccess device as specified in claim 37 wherein said communicationssystem is a two-way cable communications system connected to theInternet, and wherein said modem comprises a cable modem.
 40. A wirelessaccess device as specified in claim 38 wherein said communication systemcomprises a fiber optic system, and wherein said modem comprises a fiberoptical modem.
 41. A method for providing wireless access to theInternet, comprising providing a modem coupled to the Internet andhaving a data communications interface connected to an RF port,configuring said RF port for wireless data communication to a mobileunit having a predetermined wireless communications address, andproviding at least one mobile unit configured with said predeterminedwireless communications address for conducting RF data communicationswith said RF port, said RF port being arranged to relay communicationsbetween said mobile unit and said modem based on a security status ofsaid RF port.
 42. The method specified in claim 41 wherein said step ofproviding said mobile unit, comprises providing a computer having an RFport.
 43. A system for sending and receiving data messages to at leastone mobile unit, comprising: at least one RF port having a securitystatus, an RF module for sending and receiving data messages to said atleast one mobile unit using a first RF communications protocol, having awired interface for sending and receiving data messages using a wiredcommunications protocol, and a programmed processor for relaying datamessages received on said wired interface using said RF communicationsprotocol and for relaying data messages received by said RF module usingsaid wired communications protocol; and at least one cell controller forsending data messages to said wired interface of said RF port and forreceiving data messages from said RF port using said wiredcommunications protocol.
 44. A system as specified in claim 43, whereinthere are provided a plurality of said RF ports, and wherein said cellcontroller is arranged to address said data messages to said RF portsusing said wired communication protocol.
 45. A system as specified inclaim 44 wherein said at least one mobile unit is associated with one ofsaid RF ports, and wherein said processor is programmed to interpretsource address data received in said RF communications protocol and forrelaying a received message using said wired communications protocolonly if said source address data corresponds to a mobile unit associatedwith said RF port.
 46. A system as specified in claim 43 wherein saidcell controller is arranged to provide messages to said RF portcomprising mobile unit address data and message data encapsulated in adata packet following said wired communications protocol.
 47. A systemas specified in claim 46 wherein said cell controller is arranged toprovide said mobile unit address data and said message data in said RFcommunications protocol encapsulated in said wired communicationsformat.
 48. A system as specified in claim 43 wherein said RF port isarranged to encapsulate messages received by said RF module in a datapacket using said wired communication protocol.
 49. A method foroperating a wireless data communication system having at least one cellcontroller, at least one RF port and at least one mobile unit,comprising sending a first data message for said mobile unit from saidcell controller to said RF port using a wired communication protocol,relaying said first message in said RF port using an RF communicationprotocol and sending said first message by radio signal from said RFport to said mobile unit based on the security status of said RF port.50. The method specified in claim 49 wherein there are a plurality of RFports and wherein said mobile unit is associated with one of said RFports, and wherein said first data message is addressed to said RF portassociated with said mobile unit.
 51. The method specified in claim 49wherein sending said first data message to said RF port comprisessending address data and message data encapsulated in a data packetusing said wired communications protocol.
 52. The method specified inclaim 51 wherein said encapsulated address data and message data isformatted according to said RF communications protocol.
 53. The methodspecified in claim 49, further comprising sending a second data messagefrom said mobile unit to said RF port by radio signal using said RFcommunication protocol, and relayting said second data message usingsaid wired communication protocol from said RF port to said cellcontroller.
 54. A method for operating a wireless data communicationssystem having at least one cell controller, at least one RF port and atleast one mobile unit, comprising sending a data message by radio signalfrom said mobile unit to said RF port using an RF communicationsprotocol, and relaying said message using a wired communication protocolfrom said RF port to said cell controller based on the security statusof said RF port.
 55. The method specified in claim 54 wherein saidrelaying comprises encapsulating said RF communications protocol messagein a data packet using said wired communications protocol.